Weekly released mini-blogs featuring signs you may be hacked and how to fix them.
Redirected Internet Searches
There are websites that pay third parties to bring people to their site. Some of those third parties are legitimate (like Google). But sometimes those third parties are hackers. The hacker doesn’t care how he gets people to the site. And often the website that pays them can’t tell or doesn’t care that people who come to their site have been forcibly redirected. This is how a hacker can get paid to redirect you from where you want to go to another website.
In general, if you have bogus toolbar programs like we described in last week’s article, you’re being redirected. You also may be unaware that you have been infected with one of the many forms of malware that will forcibly redirect you.
You can often spot this type of malware by typing a few related, very common words (for example, “puppy” or “goldfish”) into internet search engines and checking to see whether the same websites appear in the results. Be aware, though, that many of today’s redirected internet searches are well hidden from the user, so the bogus results are never returned to alert the user. If you see that the search results have no relevance to what you are looking for, you are probably being forcibly redirected.
Technical users who really want to confirm can sniff their browser or network traffic. The traffic sent and returned will always be distinctly different on a compromised computer vs. an uncompromised computer.
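One way to make that comparison concrete, as an added example that is not part of the original article: run the same search on a known-clean computer and on the suspect one, export each browser session as a HAR file from the developer tools, and diff the hosts contacted and the cross-host redirects. The domain names and the two sample captures below are constructed for illustration.

```python
from urllib.parse import urlsplit

def hosts_and_redirects(har):
    """Return (hosts contacted, cross-host redirects) from a parsed HAR dict."""
    hosts, redirects = set(), []
    for entry in har["log"]["entries"]:
        src = urlsplit(entry["request"]["url"]).hostname
        hosts.add(src)
        status = entry["response"]["status"]
        target = entry["response"].get("redirectURL", "")
        if 300 <= status < 400 and target:
            dst = urlsplit(target).hostname  # None for a relative redirect
            if dst and dst != src:
                redirects.append((src, dst))
    return hosts, redirects

def compare_captures(clean_har, suspect_har):
    """List hosts and redirects seen only in the suspect capture."""
    clean_hosts, clean_redir = hosts_and_redirects(clean_har)
    suspect_hosts, suspect_redir = hosts_and_redirects(suspect_har)
    return {
        "extra_hosts": sorted(suspect_hosts - clean_hosts),
        "extra_redirects": sorted(set(suspect_redir) - set(clean_redir)),
    }

def _entry(url, status=200, redirect=""):
    """Build a minimal HAR entry (constructed sample data, not a real capture)."""
    return {"request": {"url": url},
            "response": {"status": status, "redirectURL": redirect}}

# Constructed captures of the same search; real ones come from
# json.load() on the HAR files exported by each browser.
CLEAN = {"log": {"entries": [
    _entry("https://search.example/?q=goldfish"),
    _entry("https://petstore.example/goldfish"),
]}}
SUSPECT = {"log": {"entries": [
    _entry("https://search.example/?q=goldfish"),
    _entry("https://petstore.example/goldfish", 302, "https://redirector.test/go?id=1"),
    _entry("https://redirector.test/go?id=1", 302, "https://unrelated-shop.test/"),
    _entry("https://unrelated-shop.test/"),
]}}

if __name__ == "__main__":
    report = compare_captures(CLEAN, SUSPECT)
    print("Hosts only on suspect machine:", report["extra_hosts"])
    for src, dst in report["extra_redirects"]:
        print(f"Redirect only on suspect machine: {src} -> {dst}")
```

Treat each extra host or redirect as a lead to investigate: ad networks and content delivery hosts can differ between two otherwise clean sessions.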
WHAT TO DO
Follow the same instructions as above. Usually removing the bogus toolbars and programs is enough to get rid of malicious redirection.
WHAT TO DO – BEFORE INFECTION
• Make sure your software is completely patched and up to date. Enable automatic update features in your Operating System and software applications.
• Make regular backups.
WHAT TO DO – AFTER INFECTION
1. Power down your computer. If you need to save anything, do so.
2. Boot up the computer system in Safe Mode, No Networking, and try to uninstall the newly installed software. Oftentimes it can be uninstalled like a regular program.
3. Restore a system backup from a state previous to infection or being redirected.
4. Test the computer in regular mode and make sure that the redirection is gone.
5. Then follow up with a complete antivirus scan. Oftentimes, the scanner will find other remnants left behind and clean those up.